Smashing Security podcast #062: Tinder spying, Amazon shoplifting, and petrol pump malware

Industry veterans, chatting about computer security and online privacy.

Smashing Security #062: Tinder spying, Amazon shoplifting, and petrol pump malware

Your Tinder swipes can be spied upon, Amazon is opening high street stores that don’t require any staff, and Russian fuel pumps are being infected with malware in an elaborate scheme to make large amounts of money.

With Carole on a top secret special assignment, it’s left to security veteran Graham Cluley to discuss all this and much much more on the “Smashing Security” podcast with special guests David McClelland and Vanja Švajcer.

Transcript

This transcript was generated automatically, probably contains mistakes, and has not been manually verified.
GRAHAM CLULEY
Sorry, sorry, sorry, sorry, sorry, sorry, sorry. Yes, I know I'm late. I'm late, I'm late, but I'm ready to start the show. So you give me the word, Carole, and we'll begin. All right.

Okay. Carole? You there? Carole?
Unknown
Smashing Security, Episode 62: Tinder Spying, Amazon Shop Ransomware, doxxing, and petrol pump malware with Carole Theriault and Graham Cluley.
GRAHAM CLULEY
Hello, hello, and welcome to episode 62 of Smashing Security. I'm Graham Cluley, and I'm not joined by my regular co-host Carole Theriault. Bad news for her many, many fans.

Unfortunately, Carole is unable to join us today. She's on a top-secret assignment.

However, we are enormously lucky to have two guests, two people who've starred on Smashing Security before, and they are going to jump into her sizeable shoes.

We've got Vanja Švajcer and David McClelland. Hello guys!
VANJA ŠVAJCER
Hi Graham!
DAVID MCCLELLAND
Hello Vanja, hello Graham!
GRAHAM CLULEY
Hi! Thank you for coming along and stepping in because she wasn't able to make it today. David, you live a very glamorous life. You're normally whizzing around places and—
DAVID MCCLELLAND
Well, yeah.
GRAHAM CLULEY
Is it correct, David? I don't know if this is a myth or something. Is it correct that you have been in pantomime?
DAVID MCCLELLAND
Oh yes, I have.
VANJA ŠVAJCER
Oh no, you don't.
GRAHAM CLULEY
Oh yes.
DAVID MCCLELLAND
So the big story, yeah, the backstory there is back in the '90s, I actually trained to be an actor and I went to drama school here in the UK for 3 years in lovely Guildford.

And pretty much every year since I left in 2000, I've done panto in one part of the country or another. Love it.

It's pretty much what Christmas has been about for me for years and years and years.

But I've got a young family of my own now, and the whole thing about going to a random part of the country and entertaining thousands of other people's kids, but not being there for my own, it just got a little bit much.

So this year I decided to take a year off, to hang up my tights and my makeup and to see my kids do their Christmas shows instead. And lovely it was too.
GRAHAM CLULEY
So what you're saying is that life, it's behind you?
DAVID MCCLELLAND
Well, perhaps. I'm not going to lie.
VANJA ŠVAJCER
Can I just say that for a continental European, that is one of the most bizarre things that you can encounter and experience in the UK. The pantomime, all the pantomime thing.

I was like, what's this pantomime everybody's saying? Go for a Christmas pantomime. And then we went and we're like, oh, and then we went again because it was just great.
GRAHAM CLULEY
I don't think it's just for you Central Europeans, Vanja. I think it's also for Americans. And most, to be honest, many of us in the UK, we don't— what on earth is that all about?

But maybe that is a topic for another podcast because we are going to talk about security today and what's been happening in the crazy world of computers and how computers can go wrong.

And we're gonna find out more about that after this break where I believe my illustrious colleague, we've got Carole Theriault pre-recorded and she's gonna fill us in on who our sponsors are.
DAVID MCCLELLAND
Smashing Security is supported by CloudBerry. Now listen to this.

With CloudBerry, you can back up files, folders, and system images to the cloud storage of your choice with built-in 256-bit encryption, ensuring your precious data remains.

CloudBerry supports over 30 cloud storage providers working on Windows, Macs, and Linux, plus no subscription. You pay only once. So download a free trial at cloudberrylab.com.

But there's more. You could also go to smashingsecurity.com/cloudberrylab to get a whopping 30% off the Windows desktop version. That goes for about $20.
VANJA ŠVAJCER
Boom.
GRAHAM CLULEY
This episode of Smashing Security is also sponsored by LastPass.

LastPass Enterprise makes password security effortless for your organization, simplifying password management for companies of every size with the right tools to secure your business with centralized control of employee passwords and apps.

Now, LastPass isn't just for enterprises. It's an equally great solution for business teams, families, and single users alike.

You can go to smashingsecurity.com/lastpass to see why LastPass is the trusted enterprise password manager of over 33,000 businesses. On with the show. Welcome back.

Now, one of the things which has caught my eye— now, I think we are all married men, aren't we? Yeah, I can confirm that. Last time we checked, that's right.

And so hopefully we are not regularly participating in that inner circle of hell which is Tinder. I'm so glad that my dating days predated the emergence of the Tinder app because—
VANJA ŠVAJCER
Are you saying that you're not dating your wife, Graham?
GRAHAM CLULEY
Well, look, if she says I'm dating her, then I'm definitely dating her. Look, I don't want to cause any trouble.

She has sometimes listened to the show, so I have to be quite careful. Vanja, thank you for dropping me in it.

You know, what really disturbs me these days is this horrible swipe left, swipe right thing which I've seen some people do.

These youngsters trying to find themselves a mate are doing this on their apps all the time. It just seems, oh, it's just so ghastly and all the rest of it.

Now, what's happened is there are a bunch of Tel Aviv-based security researchers who say that they have uncovered a privacy flaw in the popular app, and they've actually managed to build themselves a tool which allows them to spy on users' Tinder activity.
VANJA ŠVAJCER
Nice.
GRAHAM CLULEY
In fact, what they can do, they can see the actual image that you are looking at on your version of the Tinder app, and they can even determine whether you swiped left or whether you swiped right.

Left, by the way, Vanja, just to fill you in, is rejecting. And right means, oh yes, this is woman who could throw potato over house and would be good match for me.

She would be able to pull plough through field.
VANJA ŠVAJCER
I seem to remember that once at Carole's, actually, we had somebody, we had a friend. She was trying to find a date in Oxford. And then we kind of helped.

And this is the first time I saw Tinder. And I thought, well, it really is for young people.
GRAHAM CLULEY
I think everything's for young people these days, isn't it?

I mean, maybe that's one of the big stories of our podcast is we talk about things which we get all curmudgeonly about, and younger people— David's younger than us.

David, what do you think of Tinder?
DAVID MCCLELLAND
I'm happily married with two children, so I do not have any thoughts on Tinder whatsoever, apart from a lot of people who are even younger than me seem to get an awful lot of fun out of it.

It's, you know, obviously it's a dating app, but it seems as though people who are in relationships just use it for the giggles as well.

I'm not one of those, but I'm kind of a bit curious if I'm honest.
GRAHAM CLULEY
It's kind of gamified it all, hasn't it?

Anyway, what these researchers have found is that just by being on the same Wi-Fi network as any user of Tinder, whether you're using Tinder on your iPhone or your Android, it is not encrypting.

And this is astonishing to me. It is not HTTPS encrypting the images, which just seems weird and bizarre that it wouldn't be doing that, but it turns out that they're not.

And so they can be sniffed out of the air.

So if a hacker was on the same Wi-Fi network as you, if he's on the same maybe public Wi-Fi, they would be able to see what you are looking at.

But more than that, they're able to look at the messages which have been sent as you swipe right or swipe left or make a match.

And even though those are encrypted, because those packets of information are of different sizes, you can easily work out what has actually happened. So—
VANJA ŠVAJCER
That's shockingly bad.
GRAHAM CLULEY
It is astonishing, isn't it?

So the pattern is this: Tinder will represent a swipe left to reject a potential date as 278 bytes, and a swipe right as 374 bytes, and a match, well, that brings you up to 581.

And so these researchers at Checkmarx wrote their little app which could intercept all of this information. They put up a video which we will link to in the show notes.
VANJA ŠVAJCER
For example, let's like this profile. When I swipe like, you can see here that the image was properly identified as a like.
GRAHAM CLULEY
What they can't do, and it's important to stress this, what they can't do is they can't see the messages which Tinder users might be sending to each other.

But there's still the potential for some abuse here.

You know, not only could a snooper determine maybe your sexual preference or whether you prefer brunettes, redheads, or blondes, or baldies, or who knows what, but they could also potentially even inject their own photographs into the targeted user stream.

So I can imagine being, you know, lurking in some coffee shop somewhere and thinking, "Oh, she looks rather lovely." And there she is, you can see her swiping away, and you might sort of beam your own photograph in, and she'd look up and she'd see a handsome computer security expert, and who knows what might result.

The fundamental thing here is though that this is a weakness in a smartphone app which has been exploited, one that—
VANJA ŠVAJCER
But to be fair, it's not possible to know who they are, who you are.
GRAHAM CLULEY
No. No, you can't. No, so you're not getting people's names, you're not getting people's messages.

So this isn't the biggest privacy flaw in the world, but it seems astonishing to me that any of the data which Tinder is transmitting isn't being properly encrypted.

It just almost seems surely it's more work to pick and choose what you're going to encrypt rather than encrypting anything.
DAVID MCCLELLAND
So I did a thing for a television program in the UK here called Watchdog a couple of years ago where we went to a coffee shop and I got my laptop out and I did some controlled snooping, I have to say, on the wireless network that was in there.

And, you know, was able to get all kinds of information from, you know, some credit card details, usernames and passwords for email and so on. And it's astonishing what you can see.
GRAHAM CLULEY
Yes.
DAVID MCCLELLAND
But the thing is, is that security experts, you know, we always say, look for the green padlock. When you're browsing, look for the green padlock.

In an app, there is no green padlock, and you do have to have a large degree of trust in the app that they are looking after your data. Yet that does not seem to be in place.
GRAHAM CLULEY
So even a padlock like that could be misleading, of course, because what we'd be looking for there is that that would assure you that maybe the data being sent is encrypted as it's being sent.

What it doesn't necessarily say is how secure the infrastructure is behind it, the servers which your data is being uploaded to, or what they intend to do with that data and whether they're going to be honorable.

And that would, of course, be very difficult for Google and Apple to assess. But I think you've put your finger on it here, which is that the problem is the apps.
GRAHAM CLULEY
There's so much focus on, oh, are iPhones more secure than Android? Or which is the better operating system?

And it's ignoring the real issue, which is the security threat of these third-party apps. And you can't tell what's going on under the hood.
VANJA ŠVAJCER
Yeah, that is the problem, especially on, I would say, Google Play.

And who's not to say that if anybody's publishing an app, they can put their own little padlock on the icon, on a fake banking site, for example, where it tries to convince you it's a real site and it's an HTTPS site while in fact it's not.
GRAHAM CLULEY
I mean, to draw the analogy, there are plenty of phishing sites these days, LastPass, which do have the website padlock, which will actually take your information and encrypt it, because that's part of the subterfuge, isn't it?

It's not necessarily a guarantee that the people who bought the padlock, who put the encryption in place, are necessarily secure as well. But it is astonishing, David.

I mean, as your test found out, it is astonishing and scary just how much data is flying around inside coffee shops, being flung from place to place and potentially is available for the bad guys to scoop up.
VANJA ŠVAJCER
That's why it's super important to actually try to use a virtual private network as soon as you enter and you log into an open Wi-Fi network.
DAVID MCCLELLAND
Yeah, I was just taking a look on the Apple site just now because when we did that stunt, we had to go back to Apple and to some of the websites that were letting their data flow around pretty freely over the network.

Apple talked about applications Application Transport Security is required in iOS apps submitted after January 2017. I'm thinking, well, hang on a minute, we're in January 2018 now.

What happened to all of these extra bits of security?
DAVID MCCLELLAND
And that was expressly for this purpose, that any apps that were sending any data had to use HTTPS rather than HTTP.

But it looks as though I'm just taking a look now at an article from May last year that Apple actually postponed, extended the deadline until further notice.

So while Apple did put some infrastructure in place and tried to lay down the law to app developers, it looks as though it hasn't enforced that yet.
GRAHAM CLULEY
Well, clearly not, because I must admit, when I first read this story, I was reading about it on Wired magazine and I thought, oh, that will be the Android version.

'Cause I did think Apple had locked down apps on the iPhone more to ensure that they were using HTTPS and SSL for transmission of information, but it seems from what you're saying that no, they haven't.

But I, amongst others, have been fooled into thinking that somehow these apps were going to be more secure than they actually are. Not good.
GRAHAM CLULEY
But I think your advice, Vanja, about using VPNs is certainly a good one.

And we tackled that in a podcast from sometime last year where we focused specifically on Wi-Fi issues, didn't we?

And discussed how important it is to run a VPN to keep yourself safe online.
VANJA ŠVAJCER
Absolutely.
GRAHAM CLULEY
So Vanja, what's your story this week?
VANJA ŠVAJCER
You wouldn't necessarily say it's connected with security, but if you think about it from a different angle, it actually is.

And it's about the fact that Amazon has opened its first new shop on Monday to the public, which has no shop attendant whatsoever. So there's a lot of technology.

You have to use an app on your phone, you have to register, and the whole workflow is you take the phone, you scan it, and it takes a couple of seconds for the system to log you into the shop and then you just enter.

It's a normal grocery store. You put all the items in your bag and when you're ready to leave, you just leave. So it's quite an interesting workflow there.
GRAHAM CLULEY
Did I hear correctly? So there's no one working inside the shop?
VANJA ŠVAJCER
Well, actually, there's only one person who checks your age if you want to buy any alcohol product. In that case, you need to be over 18. So they check your ID.

That's the only person that works there.
GRAHAM CLULEY
But how can this work? Okay. So anyone can walk into one of these Amazon shops.

By the way, isn't it great that Amazon are now opening high street shops, having destroyed much of the high street already? So they—
VANJA ŠVAJCER
Yeah, they're even opening some bookstores, as far as I know, in the US.
GRAHAM CLULEY
Oh, for goodness sake. So you walk into this shop where there's effectively nobody there, right?

And you can pick up anything off the shelf and then you just walk out and you just— what?

Is this walking into, you know, in hotel rooms where you get the food and a little minibar? Is it that? Is there some pressure sensors as you pick things up?
VANJA ŠVAJCER
Absolutely. Yes.
GRAHAM CLULEY
How does this work?
VANJA ŠVAJCER
When you get registered and you get your app, when you get in, can you impersonate anybody?

Can you just put a mask on your face and then in the middle of the shopping, you swap it back and then you pretend to be somebody else?

But it seems that the actual system is not working on the face recognition technology, which is not proven to be so great.

This is more on cameras and visual recognition of the whole body. It's a 3D system of the body, and it's able to track multiple people within the shop.

The only thing you need to do as you enter is to register with your app, and even if you have members of your family, when you get out, everything is put together on a receipt you get, and it takes it from your credit card.
GRAHAM CLULEY
So this is largely done by facial recognition and cameras, which are tracking you. Is there only one person allowed in the shop at a time to do this?
VANJA ŠVAJCER
No, but what they're saying is that explicitly, what they said is that it's not based on face recognition.
GRAHAM CLULEY
Oh, sorry.
VANJA ŠVAJCER
So it really uses some advanced 3D cameras and Doppler-like sensors, infrared cameras, but also it has scales on the shelves.

So when you take an item, it knows that you took only one item. And it also has shapes that fit particular items.

So some people have discussed that it's actually very good for food or any kind of grocery.

But if you had items like clothing that looks very similar, how would you apply a similar technology?

So I think this is really more or less just a showcase to prove how Amazon has this great technology and it's quite unlikely they're going to be including it in all of the Whole Foods supermarket chain, for example, anytime soon.
GRAHAM CLULEY
What this is, is just Jeff Bezos showing off, isn't it?
VANJA ŠVAJCER
Absolutely.
GRAHAM CLULEY
Because what would be the point going to all this expense and all of this trouble when you could hire someone for minimum wage to just, you know, take your items or whatever, or make you go through the checkout?
DAVID MCCLELLAND
As indeed happens all the time anyway.
VANJA ŠVAJCER
Yeah. All this sophisticated technology they're using, I'm guessing it's more expensive than having people working there.

So I guess they want to make it this sort of completely new shopping experience where there are no queues on the tills whatsoever.

But even with the self-checkout, the queues are relatively small and the whole experience of shopping in a supermarket is reasonably stress-free if you know where the items are.

But this is not a supermarket. It's really a small shop. It's about 1,800 square feet. So it's a relatively small store in the downtown of Seattle.
GRAHAM CLULEY
It's bizarre.
DAVID MCCLELLAND
This has set up a new challenge to try and overcome Amazon's technology and see what you can nick out of the store. That's a tech frisson. It's shoplifting for 2018, surely.
VANJA ŠVAJCER
Yeah, it seems that the shop is obviously designed for people who are not shoplifters. It's really designed for ordinary people that will come and register.

But what if you jump across the turnstile, you don't register? What happens then? All the doors shut and they simply shoot you. One of the cameras shoots you.
DAVID MCCLELLAND
It's all the 30 people who are watching on some CCTV cameras behind mirrors and so on.

So all the people who would be serving you otherwise are watching to make sure that you're not shoplifting.
VANJA ŠVAJCER
Absolutely. And there's also a question of, you said, if the people are not working as shop attendants, where do they work? And perhaps they do work behind the mirror somewhere.
GRAHAM CLULEY
It's bizarre. I would be tempted to enter with a particularly sticky long coat and then just sort of accidentally bump into items, which might stick to my coat.
VANJA ŠVAJCER
That is a very good technique. And I would love to see that, Graham. And I would like to see whether your bill would be at the end correct or incorrect.
GRAHAM CLULEY
I'm also wondering, you know, those sort of umbrella hats you can wear. If you had one of those, if it was large enough or it would extend far enough, surely that would...

There must be people lurking around the back ready to run out for when the inevitable scam begins to happen. This is... maybe this is what this all...

maybe this is actually genius, right?

Maybe this is actually to take off the streets all the scammers and mischief makers and the general miscreants who love to meddle when given a challenge like this and get them all into the same building, and then you can just shut the door and brick them up, couldn't you?
VANJA ŠVAJCER
Yeah, but what if you come with the dog and the dog starts taking stuff as well?
GRAHAM CLULEY
Yes, well, you know my dog, Vanja.
VANJA ŠVAJCER
Yes.
GRAHAM CLULEY
Any food item. Yeah. It's bound to be grabbed, isn't it? And that'll be the last we see of it. Well, so is this the end of civilization as we know it? Should we be worried?

I mean, I think privacy wonks will be slightly concerned, won't they? If all these cameras are once again watching people so intensely.
VANJA ŠVAJCER
I think the problem is not just that it's a showcase for a different shopping experience. It's a showcase for a kind of mass surveillance application in theory.

So that's not just based on face recognition, but in theory can track you wherever you go everywhere.

So we just generalize it a bit and then it becomes more scary than it is right now. Now it's just a novelty in the show.
GRAHAM CLULEY
That's what Jeff Bezos is thinking. He's going to start rolling this out citywide, isn't he?
VANJA ŠVAJCER
They're doing it anyway.
GRAHAM CLULEY
He already looks a bit like a baddie anyway, doesn't he? Reminds me of, do you remember the Hood in Thunderbirds? He was a very scary person.

All right, David, what's your story this week?
DAVID MCCLELLAND
Well, I'm going to talk about petrol pump malware.
VANJA ŠVAJCER
Wow.
DAVID MCCLELLAND
And so this is the story that the Russian security services, the FSB, have uncovered a criminal gang that was overcharging customers at gas stations across pretty much the entire south of Russia, by the sounds of it.

And what these guys were doing was installing some malware onto the petrol pumps and also onto other bits, onto the tills and onto some of the backend systems as well, that was shortchanging those people who were filling up their cars with petrol by up to about 7 or so percent.

This malware was incredibly difficult for the authorities to spot, and they did eventually find it in dozens and dozens of petrol stations.

And the criminals were offering it for sale to members of staff. Sometimes they were posing as people there to make software upgrades to the pumps and to the tills as well.

And it turns out that it's, you know, quite a large fraud in terms of the amount of money that the criminals may well have made off with this.

Now, I feel as though I get ripped off pretty much every time I go to a petrol pump anyway. I'm not sure there's any malware involved in that.

Although actually, just to digress for a moment, I used to have a big gas-guzzling Volvo and I had it converted to run on LPG, liquefied petroleum gas.

You knew exactly how much gas went into a pump.

And there was one particular petrol station, I'm not going to say where it was, but every time I filled up there, it would cost me about £10 extra to fill up.

And I complained and I complained. And every time the guy behind the till said, oh no, no, no, no, we have it checked. We have it checked. We have it checked. And then—
VANJA ŠVAJCER
I would definitely agree with you because I remember there was one in Oxford as well. And certainly there's more than one in Croatia, if you know what I mean.
DAVID MCCLELLAND
Yeah.

So I'm not sure we can put that down to malware, but, you know, it does make you wonder how many other bits of infrastructure like this, you know, whether it's electricity meters, heaters perhaps, as well as petrol pumps that have got some pretty sticky malware in there and a pretty sophisticated operation that, say, it seems to have taken the FSB in Russia quite a long time to crack this criminal gang.
GRAHAM CLULEY
When I was reading about this story, I was hearing that the excess fuel, the fuel which effectively you've paid for, was being put into a spare reservoir at the petrol station, which maybe had been closed for maintenance, or someone had said that that had happened.

And then that petrol, that fuel, was being sold on. And that's how the scammers were actually making their money out of this.
VANJA ŠVAJCER
It sounds like a very complex operation to me.
GRAHAM CLULEY
It really does, doesn't it?

There must be easier ways to make money than this, you know, because when I heard about this as well, I thought, well, I wonder if there's anything else in the high street maybe where this kind of scam is going on.

You know, like if you go to a cheese emporium and you're buying your weekly chunk of cheddar or whatever, whether you're not getting the correct weight and some of the cheese has been squirreled away by some cybercriminal who's going to sell it to the EU cheese mountain and make himself a tidy profit as well.
VANJA ŠVAJCER
Yeah, I wonder, it must have been some kind of internal job, to be honest.

The people who are working for the company must have been in it on the whole thing because you really need to understand how the whole system works from the actual petrol pump to the till to the sensor that sends the actual readings of how much fuel there is in the tank of the petrol station.

They faked everything and they sent those sensor results back to the central location.
DAVID MCCLELLAND
And of course, to make sure that you've got an entire reservoir underneath your forecourt that's empty, into which you are siphoning off this up to 7% of excess fuel.

Now, there's massive collusion here, and it does highlight the problem that while the petrol pumps are one part of the chain here, people are another massive part of it.

And if it wasn't for the people here who were part of the crime, then there wouldn't have been that crime in the first place.
GRAHAM CLULEY
And you know what, I bet this actually gives us a clue as to how the FSB found out about this.

My guess is it wasn't someone stumbling across a malware infection or something like that.

It was probably someone involved in the scam or associated with the scammers themselves who went and grassed them up.

Someone who maybe fell out with them, didn't feel like he was making enough money from the scam, maybe he felt he'd been conned out of some of the money which he was owed, went to the authorities and said, "I think you should go and have a look at those petrol pumps because there's something rather sneaky going on here." That would be my guess.
VANJA ŠVAJCER
It's going to be interesting to wait and see whether new details will come up anytime soon.
GRAHAM CLULEY
Yeah. In the meantime, my recommendation is be very careful around petrol pumps.

In fact, I think you should be careful around petrol pumps anyway, because rather like the gates which go up and down at car parks, letting you in and out, I think we need to be really polite to those devices because one day they might rule the world.

So I always make a point of saying thank you to them because of the rise of the machines which is occurring. One day they could be our lords and masters.
VANJA ŠVAJCER
Especially the ramps at the parking where they let you out of the parking.
GRAHAM CLULEY
Yeah, because if you're trying to sneak out, if you've angered them, they could clunk you on the head. Absolutely. Right?
VANJA ŠVAJCER
It's dangerous.
GRAHAM CLULEY
Right, we'll be right back after this break for Pick of the Week. Big thanks to LastPass for sponsoring the show this week.

LastPass Enterprise makes password security effortless for your organization.

Simplifying password management for companies of every size gives you the right tools to secure your business with centralized control of employee passwords and apps.

Go to smashingsecurity.com/lastpass to see why LastPass is the trusted enterprise password manager of over 33,000 businesses. Remember Cloudberry?
DAVID MCCLELLAND
With them, you can back up files, folders, and system images to the cloud storage of your choice. There's no subscription.

Plus, you get 30% off the Windows desktop version if you go to smashingsecurity.com/cloudberry. On with the show.
GRAHAM CLULEY
And welcome back. And you join us at our favorite part of the show, which we like to call Pick of the Week.
VANJA ŠVAJCER
Pick of the Week.
DAVID MCCLELLAND
Pick of the Week.
GRAHAM CLULEY
We're all such professionals. It's as though we don't even miss her, isn't it?
VANJA ŠVAJCER
Nobody can replace Carole. Come on.
GRAHAM CLULEY
No, no one. No one could. Who'd want to? Everyone on the show chooses something which they like. That's the idea of Pick of the Week.

It could be a funny story, a book they've read, a TV show, a movie, a record, an app, a website, a podcast, whatever you like. Doesn't have to be security related. Necessarily.

Oh, you're right. We do miss her. So my pick of the week this week is, did you know that this month is the 40th anniversary of something rather close to my heart?

As you probably know, gentle listener to the show, my favourite TV programme of all time is Doctor Who.
VANJA ŠVAJCER
We all know that.
GRAHAM CLULEY
Yes. Forget I, Claudius. Forget Edge of Darkness, right? Doctor Who is the greatest TV programme of all time.

However, there are other shows which are pretty good as well, and one of them is a sort of offshoot of Doctor Who, which first appeared 40 years ago. 40 years ago!

I remember watching it 40 years ago this month, and it is Blake's 7.
VANJA ŠVAJCER
You know, I remember watching Blake's 7 too, and it was a bit weird.

I think I was a bit young at the time, and I thought it's not as richly produced as, let's say, Space: 1999, if you remember that one.
GRAHAM CLULEY
Space: 1999 was an enormously expensive show.
VANJA ŠVAJCER
Right? So it was really impressive for me, Space: 1999. But there was something about Blake's 7, and I remember watching every single episode.

And if you ask me what's it all about now, I would have no idea.
GRAHAM CLULEY
Well, you see, I'm not surprised that Blake's 7 appealed to you, Vanja Švajcer, because of course you were born under the communist yoke.

And in many ways, that's what Blake's 7 was all about. It was a hard, gritty Orwellian nightmare, just one that you were living day to day.

But it was one which Roj Blake, Kerr Avon, Zen the computer with an attitude, the Liberator spaceship, Orac, Ser— do you remember Servalan?
VANJA ŠVAJCER
No.
GRAHAM CLULEY
David, do you know what I'm talking about at all?
DAVID MCCLELLAND
So I remember my dad getting quite excited about Blake's 7. Sorry, that sounds awful, but it's true.

And so maybe for the repeats in the early '80s, I was watching it in black and white, but I can't say I remember the show itself. I'm so sorry.
GRAHAM CLULEY
No, that's all right. Well, some men of a certain age may actually have a bit of a thing for Servalan. She was the equivalent of— imagine a sexy Margaret Thatcher.
DAVID MCCLELLAND
Sorry, sorry. Those words just do not compute.
GRAHAM CLULEY
She was the supreme commander. So she was basically Darth Vader in the show, right? She was the ultimate baddie in the show.

So she was sort of a head honcho in the Federation, who were the baddies who were ruling most of the universe.

Blake and his buddies, who were all criminals who'd been framed by the Federation, or maybe had been involved in some pickpocketing or some smuggling or something, they were the rebels.

So they were basically the equivalent to the Rebels in Star Wars versus the Empire.

Anyway, it's my pick of the week, not just the show itself, but there is on YouTube, if you want to remind yourself of Blake's 7, a terrific documentary in 3 parts.

It comes to about maybe 2.5 hours. I've really enjoyed watching it. I will put a link in the show notes which goes behind the scenes.

It's directed by Kevin John Davies, who made More Than 30 Years in the TARDIS, another terrific Doctor Who documentary, and I hope some people can rediscover the show from that.

Yes, it is 40 years old and you've got to bear that in mind in the pacing of the show, but I think it's about time that Blake's 7 was reimagined for the 21st century, a bit like how Battlestar Galactica came back.

And actually, Battlestar Galactica, when it came back, was so much better than the original series.
VANJA ŠVAJCER
So much better than the original, I agree.
GRAHAM CLULEY
Yeah, yeah. And that's why it's my pick of the week. Vanja, what's your pick of the week?
VANJA ŠVAJCER
Well, I've been to Cuba recently and really had an interesting time there.

And being from a communist country myself originally, it was interesting to see how a communist country developed 20 years after basically all things disappeared.
GRAHAM CLULEY
Did it feel like the old days, Vanja? Did you feel, ah, this is— I'm home now?
VANJA ŠVAJCER
On some level it felt like the old days. Some levels it's a— Cuba is a very specific case of a communist country, so it's not really like the country I used to live in.

Croatia, we used to be a communist country, or Yugoslavia, as the country was called at the time.

But we really had more of a market-oriented economy and there in Cuba, they really tried to live this sort of idealistic dream of everybody being equal.

So, but my pick of the week is not to recommend people to travel to Cuba now and it's not going to be very easy for everybody, especially for the people in the US.

But possibly the best thing they can do is to watch, if they're interested in Cuba, to watch a documentary that's streaming on Netflix called Cuba and the Cameraman.

And this is the documentary that's recorded and directed by Jon Alpert, who's kind of a seasoned New York City journalist who documented his travels to Cuba over a period of more than 40 years.

So it's a really interesting take and you could see how Cuba has been developing over time, and you could see the economic crisis when the Soviet Union collapsed and they had this so-called special period. They were so much supported by the Soviet Union, and then the help and the money stopped coming in.

They really didn't know how to handle that until they made a connection with Venezuela.

But I think what's the most interesting is with the documentary is that it follows the journalist coming in for the first time with a video camera, one of the first video cameras.

When the whole gear set was weighing something like 40 kilos or 90 pounds. So they had this little cart, like a baby thing, to kind of lug this around.

So when they were filming one of these events when Castro was speaking, Fidel spotted them and he asked them to come to him and to meet.

And that's how this sort of almost like a friendship between Fidel Castro and Jon Alpert started.

So Jon Alpert was one of the only journalists that got to travel with Fidel, for example, on his trip from Cuba to New York to address the United Nations General Assembly, for example.

So you could see there are so many little gems between Fidel and Jon Alpert, but he also follows perfectly ordinary families, some in Havana and some in rural areas of Cuba and their development over those 40 years.

So it's really interesting to see how Cuba developed from a really super hard communist country to a little bit softer, but just a little bit softer, the version that we've seen when we travelled there in November.
DAVID MCCLELLAND
I have to make another Cuban-based recommendation off the back of that.

One of my favourite, most treasured DVDs, though I'm kind of not much longer going to have anything to play the DVD in, so you can probably get it from Netflix or from Amazon Prime, is Buena Vista Social Club, which is a real celebration of the music of Havana and of Cuba.

And an American guitarist called Ry Cooder went there back in the mid-'90s or so.

And in the same way that I guess Paul Simon went to various bits of the world and stole their music, Ry Cooder went to Cuba and managed to, I guess, compile, collect, visit lots of amazing Cuban musicians like Ibrahim Ferrer and Compay Segundo.

And it's the imagery, it's all the old cars that are lying around, all the wonderful architecture, these marvelously lived-in places and people who've lived there as well telling their stories, but of course through the poetry of music.

And I'm getting goosebumps just remembering some of the songs right now.

So yeah, I haven't been to Cuba, but I feel as though I've got a real sense of it from Buena Vista Social Club. And I'll certainly look up Cuba and the Cameraman as well.
VANJA ŠVAJCER
Yeah, Cuba and the Cameraman is a little less polished, but absolutely, it's great. I think it shows Cuba in a subjective but also pretty realistic view of the journalist.
GRAHAM CLULEY
Sounds great. Love a good documentary. David, what is your pick of the week?
DAVID MCCLELLAND
My pick of the week is another app. So I bowled you over with my Pomodoros a few weeks ago. So this week I'm going back to being very, very British, less Italian.

And being British, I love nothing more than small talk about the weather. Now, what do you know, there are some apps for that.

Now, one of the best known, I guess, apps for weather is called Dark Sky. It's by Jackadam, and it's hyper-local weather.

It uses your GPS on your phone to give you minute-by-minute, super, super accurate forecasts.

I don't know if you've come across it before, but you can literally boil an egg to the accuracy of its rain prediction.

And it's, you know, number one in the App Store for weather, and it's got Apple Watch complications. It's US, UK, and Ireland only.

But I'm not here to recommend that because it's been well recommended before.

Instead, I'm recommending another app which uses the same weather source as Dark Sky, and this is called Carrot Weather. Now—
GRAHAM CLULEY
What?
DAVID MCCLELLAND
Yep, it's called Carrot Weather. There are a handful of apps that are Carrot apps.

Now, like I say, it uses the Dark Sky weather data as a source, but it displays it through the prism of a sardonic, human-hating AI called Carrot. And that sounds great. Yeah.

Okay, so let me just give you an example. On Sunday morning, here in London anyway, it was 2 or 3 degrees Celsius. It was chucking it down with rain.

And I just opened up the weather app to see what it said. And it's got some amazing one-liners, lots of them Donald Trump related.

But it just popped up and said, and it speaks from your watch or from your phone, and it said, yep, it's fucking raining.

Now, it's a paid-for app, shock horror, but the pick-me-up that this app gives me whenever the skies are grey and it's chucking it down with rain outside, I've found this app to be far more cost-effective than a double espresso from my local coffee shop.

So, if you're wanting something that's going to make you smile even when it's grey outside, is going to make you just raise a little grin around your face, and also be damn accurate when it comes to the weather, I wholeheartedly recommend Carrot Weather.

It's by Grailr and you can download it for iOS and also for Android.
GRAHAM CLULEY
It's such a simple thing, but somehow it makes the world that little bit brighter, doesn't it?
DAVID MCCLELLAND
Certainly does mine.
GRAHAM CLULEY
Gratuitous swearing. Well, from one sardonic human-hating artificial intelligence to a sardonic human-hating artificial intelligence on this end of the microphone.

That sounds a fantastic pick of the week. Thank you very much. Well, that just about wraps it up for this week. It's been a bit of a different show, really, hasn't it?

Has anyone felt like something's been— have we forgotten something? Someone? Can't remember.
DAVID MCCLELLAND
Must be something.
GRAHAM CLULEY
All that remains is for me to tell you that if you want to follow us on Twitter, you can do so at Smashing Security. Security, without a G. Twitter wouldn't let us have a G.

Thank you very much, both David and Vanja Švajcer, for joining us this week. And thank you as well for tuning in at home. If you like the show, rate it on Apple Podcasts.

It really does help new listeners discover us, and that gives us a little sort of, you know, a little tickle under our armpits and makes us happy.

I don't know what I'm saying, actually. Go to smashingsecurity.com for past episodes and for details on how to keep in touch with us. Until next time, bye-bye! Cheerio! Bye!
DAVID MCCLELLAND
Bye-bye-bye!
GRAHAM CLULEY
Vanja, you had a birthday recently, didn't you?
VANJA ŠVAJCER
Yeah, I have to say that I got the best present for the person that's missing at the show, and it's actually a song that the same person that's missing from the show has recorded for me.
GRAHAM CLULEY
So today is your birthday. Well, the day after your birthday. And that we know it's not your birthday.
VANJA ŠVAJCER
How old are you now?
GRAHAM CLULEY
Sorry, how old? Jesus, what happened?
VANJA ŠVAJCER
Where did all the time go?
GRAHAM CLULEY
Most of it was sleeping.
VANJA ŠVAJCER
Some of it pooping.
GRAHAM CLULEY
A lot of it laughing. Too much of it working. And just not enough eating banana cake. So go eat banana cake.
VANJA ŠVAJCER
'Cause it's your birthday.

Host: Graham Cluley

Guests:
David McClelland – @DavidMcClelland
Vanja Švajcer – @vanjasvajcer

Show notes:

Sponsor: LastPass

LastPass Enterprise makes password security effortless for your organization.

LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps.

But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users.

Go to smashingsecurity.com/lastpass to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses.

Sponsor: CloudBerry Lab

Backup files, folders and system images to the cloud storage of your choice – with built-in 256 bit encryption ensuring your precious data remains private.

CloudBerry supports over 30 cloud storage providers, and works on Windows, Mac, Linux.

And unlike many of the other online backup solutions out there, you pay only once – rather than a subscription.

Find out more at cloudberrylab.com, where you can download a free trial and also explore CloudBerry’s solutions for businesses and MSPs.

Go to smashingsecurity.com/cloudberrylab to get 30% off the Windows desktop version. Meaning you can get this great software for the super price of around 20 bucks. Offer expires February 10th 2018.

Follow the show:

Follow the show on Bluesky at @smashingsecurity.com, or visit our website for more episodes.

Remember: Subscribe on Apple Podcasts or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and hosts the popular "Smashing Security" podcast. Follow him on TikTok, LinkedIn, Bluesky and Mastodon, or drop him an email.
